Re: 1.5.7 BUG: character set in traditional PGP
On 2005-02-11 12:27:54 +0100, Werner Koch wrote:
> Except for end of line conversions in text mode, gpg views the
> signed or encrypted data as opaque. In theory we could look at
> the armor headers but we don't want to do that. One reason is
> that the conversion of the data according to the armor header
> lines may change the text in an unwanted way (cf. recent IDN
> based phishing attack) and those armor headers are not part of
> the signed data, so everyone may change it without gpg noticing
> it.

Good point. Very good point.

In fact, a very good point against doing anything but UTF-8 inside
traditional PGP encrypted text.

(Note that "best-effort handling" of signed data is opening another
can of worms, as it may, too, be abused to give different meanings
to data.)

And so we're stuck.

--
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.
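
Added illustration (not part of the original message and not gpg code): the sketch below shows why an armor "Charset" header cannot be trusted to choose the decoding. It assumes a simplified armor block without the CRC-24 line, a plain text payload instead of real OpenPGP packets, and a SHA-256 digest over the payload as a stand-in for what a signature covers; all function names and the sample message are constructed for the example.

```python
import base64
import hashlib

def make_armor(charset, payload):
    """Build a simplified armored block (no CRC-24 line) for this demo."""
    return "\n".join([
        "-----BEGIN PGP MESSAGE-----",
        "Charset: " + charset,
        "",
        base64.b64encode(payload).decode("ascii"),
        "-----END PGP MESSAGE-----",
    ])

def parse_armor(text):
    """Split an armored block into (headers dict, payload bytes)."""
    lines = text.strip().splitlines()
    if not (lines[0].startswith("-----BEGIN ") and lines[-1].startswith("-----END ")):
        raise ValueError("not an armored block")
    inner = lines[1:-1]
    blank = inner.index("")  # a blank line separates headers from data
    headers = dict(h.split(": ", 1) for h in inner[:blank])
    payload = base64.b64decode("".join(inner[blank + 1:]), validate=True)
    return headers, payload

def payload_digest(payload):
    """Stand-in for signature coverage: only the payload bytes are hashed."""
    return hashlib.sha256(payload).hexdigest()

def render_trusting_header(headers, payload):
    """Risky: lets an unauthenticated header choose the decoding."""
    return payload.decode(headers.get("Charset", "utf-8"))

def render_utf8_only(payload):
    """Header ignored; anything that is not valid UTF-8 is rejected."""
    return payload.decode("utf-8")  # raises UnicodeDecodeError otherwise

# Constructed sample: "Pay 100 €" encoded as ISO-8859-15 (byte 0xA4 is the euro sign).
PAYLOAD = "Pay 100 \u20ac".encode("iso-8859-15")
ORIGINAL = make_armor("ISO-8859-15", PAYLOAD)
# Only the header line differs; the payload bytes are untouched.
TAMPERED = ORIGINAL.replace("Charset: ISO-8859-15", "Charset: ISO-8859-1")

if __name__ == "__main__":
    for label, msg in (("original", ORIGINAL), ("tampered", TAMPERED)):
        headers, payload = parse_armor(msg)
        print(label, payload_digest(payload)[:16],
              render_trusting_header(headers, payload))
```

Both blocks yield the same digest, yet a reader that honours the header displays different text for each; the UTF-8-only path refuses this payload outright rather than guessing.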